I come from cyberspace - lecture 4

Cyber space: the notional environment in which communication over computer networks occurs. Cyberspace is a word that was first coined by William Gibson, first being mentioned in his book ‘Necromancer’ - depicting cyberspace to be in-between utopia and dystopia. Maybe this is suggesting that humans have mixed emotions towards cyberspace, out of caution we are looking at potential futures and their extremes - its fear of the unknown through caution. As we acknowledge the good and the bad of cyberspace, but can we truly trust something that can be extremely good and become extremely bad in a short span of time? 

Many works of entertainment have been depicting the future, feeding the scifi genre and its fans - films such as Back to the future, The Matrix, Tron and Blade runner have been highly influential. Tron and The matrix share similar themes that, cyberspace is a place that is both physical and non physical. As both films have protagonists entering or being in worlds that aren’t physical but, require physical equipment to maintain this non-physical reality. This same concept corresponds with real life, as the internet is both physical and digital. Ruslan Tnikeev created the ‘the internet map’ an image that represents the internet and what is commonly searched and things associated with it. Pretty interesting how someone is trying to map out something non physical. 

Besides non physical and physicality, the internet was a place filled with many opportunities - besides chemical intoxication. Many people felt like they were being liberated from society, as the cyberspace feels like a very free environment. John Perry Barlow, created the declaration of the independence of cyberspace - trying to stop politics from entering the free world known as cyberspace. 

This connects well with an app were you can remove text from posts - it gets rid of all the noise of cyberspace, allowing you some piece of mind. Cyberspace is all about communication but, you don’t always need words to communicate a message - sometimes its nice to see something and just think about it. Since the internet can be overwhelming with the vast amount of information, its just simply too much to register. 

But overall the lecture gave a lot of food for thought on the notion of cyberspace as a whole. This was an interesting approach towards cyberspace, and the impact it has on people and society as a whole. 

Week 06: Lecture Reflection

We started by going over some of the content from last week. We recovered Initialisation Vectors (IV) and how WEP uses them to encrypt the packets. When an algorithm deals with a sequence of things (such as merkle damgard), it needs something to start off with, i.e. an IV. One of the basic requirements of an IV is that it must be unique, as in it’s used only once. 

https://en.wikipedia.org/wiki/Initialization_vector

We talked about how mixing data and control was a bad idea, using his post office story as an analogy. If there is an ambuguity between data and control, and if the user has control over the ambuguity, then the user has control over the channel. 

We started covering buffer overflows. The basic idea is that if you write data to a buffer, and the data is larger than the buffer, the data can overwrite whatever is adjacent to that buffer. We also covered stacks, which I kind of remember from comp1521, where when a program is paused to allow another program to run, its data/variables are stored on the stack, and will be accessed when the program is allowed to run again. You can do buffer overflows on the stack. 

https://en.wikipedia.org/wiki/Buffer_overflow

We covered proof of work. An example of this is in cryptocurrency, most notably bitcoin where it takes a lot of work to create a new page/ledger. Making it hard to fake pages means it gives a guarantee that the money is safe. Another example we covered is password stretching, i.e. 3 chances at a password before you get a timeout. 

Moore’s Law, where it was discovered that the number of transistors in technology doubled every year, and computing power doubles at a slightly faster rate - 18 months. 

Disk encryption, especially how microsoft windows doesn’t actually encrypt when you ask it to. Cold boot attack, where you unplug a computer and lower the temperature really quickly, hoping that the data stored on the RAM won’t disappear as fast. In the evening, two groups presented Web & Crypto. 

We covered the difference between symmetric and asymmetric ciphers. We started covering the last of the CIA properties, authentication. There were 3 factors to authentication

Something you know (like a password)

Something you are (like fingerprint or retina)

Something you own (like an sms message to your phone) 

Week 11 - Gestalt Principles

This lecture was intriguing, never really saw how proximity can change the perception of the viewer! This lecture brought up the principles of proximity, similarity, continuity, figure and ground etc. These images give room for viewer’s perception, allowing the viewer to deduce the message of the image. This showed me another dimension of visual communication and how perspectives can be seen in another dimension through these principles. Here are some examples that have used gestalt principles:

In the case of this logo for “Hope for African Children Initiative”, the Africa continent is made distinct through figure and ground. Similar faces of children are seen too. When put together, they bring across a message about African Children. Although it is not a complete picture of Africa, the viewer is able to deduce it as the Africa continent, bringing closure. 

This is another interesting one that I noticed, where gestalt principles are applied in logo design. This is a classic IBM logo. Using Figure and ground, the blue colour form the figure while the white lines that cut across form the ground. It may not be a complete picture of the words IBM, but when seen, there is sufficient shapes to deduce that it is IBM.

Through the way gestalt principles are applied, I noticed how strong messages can still be put across without the need for contrasts. The use of Gestalt principles is very much evident in our lives, from company logos to the everyday design we see on the streets. These principles shape the way we perceive things and influences the way we have an impression on things. They are very much important in constructing general design, bringing an innovative spin to the things  that we will normally see.

Week 04: Lecture Reflection

This weeks lecture, I found it a bit difficult to take down notes, wasn’t sure what to write at times. We covered how patterns in data can be exploited. Most notably with the english language and the substitution cipher. Then we covered a telegraph example, and different ways to attack the telegraph between the central bank and a regional bank. We covered a little bit on hashing, with the birthday example and how it exploits hash collisions. 

In the evening lecture, it was mostly presentations. The social engineering group presented, it was really really interesting. Life cycle of social engineering, different ways to go about social engineering. A case study on an example with a small airplane base? And how to exploit people by using pyschology. After that it was the guest speaker from the reporter Matt O’Sullivan. He mostly talked about FOI requests. 

Lastly a little bit more on hashing. Some properties of cryptographic hash functions, desired resistance against attacks. Followed by some examples of uses, most notably MACs. I was tired so I left, but I was kinda interested in the movie The Sting, mostly for Robert Redford. I quite liked some of his other films (sneakers, spy game)

Week 03: Lecture Reflection

The main theme of the morning lecture this week is risk. I think that the key idea to take away that Richard wanted everyone to understand is that risk is invisible, and that taking the risk and getting away with it, is just as bad as if something bad did happen. He also talked about how humans are bad at estimating and thinking about low probability high impact events. We either obsess over it and pour billions of dollars in, or we’ll do nothing about it. 

He talked about centralising services, how we tend to clump together e.g. gmail. It’s good because these services work really well, but it turns into a single point of failure, and if something goes wrong, it can be catastrophic. 

The evening lecture moved away from risk and focused more on cryptography. Mostly about public key cryptography. We covered merkle puzzles which are really cool. Person A makes 100 notes, each note contains a number (1 - 100) and a key. Each note is encrypted with a simple cypher, maybe substitution. Person B picks a random note, easily decrypts it, encrypts his own message using the key taken from the note. Person B then tells person A, I’m using note number 33, heres my encrypted message. Person A can very easily find note 33 and find the corresponding key, but an attacker will take a lot longer to find the right note. It increases the “speed up”. 

Richard quickly rushed through RSA, but I got it eventually, through the tutorial. Also this week I actually watched the 2016 lecture recordings as well. He covered Diffie Hellman key exchange, which I don’t think was covered in this weeks lecture. Oh and I get bits of security better now.

Typologies and archetypes - Letcture 7

Typology: a classification according to general type, especially in archaeology, psychology, or the social sciences.

It’s the idea that things can be classified or catergoised into sections and areas, such a Jamie McCartney’s “the great wall of vagina”. This piece was made to change the view of the female body, i think it does its job as it’s saying that not every lady’s vagina is the same - thus stopping women from feeling inferior towards their peers, giving a sense of relief and belonging in the sense that it’s okay that it’s a little different. As we’re all a little different and that’s okay, but we’re all women regardless of our differences.

Thomas Ruff did something similar but with his students, he took passport like photos of each student and blew the images up. Possibly suggesting theres a sense of uniform. Or it’s a play around with identity, in my opinion the work is a collection of students and how each of their photos makes them an individual but when together they’re united by the fact that they’re students. They can be easily catergorised by that tagline, that’s a common trait they share and thus unifying them.

When it comes to archetypes, Tarantino might have possibly created one for gangsters - as we associate sharply dressed men as gangsters possibly because of Tarantino. As he made this evident in the film Pulp fiction as Samuel Jackson and John Travolta were smartly dressed gangsters ready to kill. These two set the standard for future gangsters and they’re apearences, thus creating an archetype for sharply dressed gangsters.

To summaries typology is the idea of catergosing things, items or even living beings.

The city of ruins - Lecture 5

Urban decay is the process whereby a previously functioning city, or part of a city, falls into disrepair and decrepitude.

It is becoming a growing trend for people to take photos of decaying buildings, this is evident through the popular hashtag #urbex on instagram - suggesting that there is a certai appeal to abandoned buildings and ruins. We find it daring to sneak into places we aren’t allowed to enter, that feeling of adventure and adrenaline motivates people to do these things. Also another popular trending hashtag is #ruinporn, i guess ruins really are a popular trending thing, but why are they popular? why are people drawn to them?

Historical context and kitsch ruins:

Maybe ruins are popular because of tutorism, as many people enjoy seeing them from a historical point of you.

The fondness for ruins increased in the 17th century and 18th century.

Folly - using ruins as a form of decoration, meaning you’re purposely making/creating a building to look like a building for aesthetic purposes. The reason they used the word ‘folly’ was because it comes from the word ‘foolishness’ or, lack of good sense. But a folly can also be seen as a building providing reminders of the failings of the past.

The jealous wall - Belvedere house 1740:

It was a short marriage but the wife basically married her husbands brother , the wall was built to block the ex husbands view of their home. If ruins keep exs away then i’ll gladly participate in #ruinporn.

It’s strange how we find it normal for fish tanks to have model ruin civilisations in them - is this a reference to the lost city of Atlantis or do fish secretly want to be destroyers of worlds? But still isn’t it strange how ruins still appeal to us? They’re a reminder of the past and the future, thats pretty bizarre. eg: Planet of the apes (1968) ruins represent disaster and the end of the world.

The ruinous effect of urban planning: 

New grand urban plans relied on ruins, as they were a reason to demonlish and reconstruct new buildings. Then those new buildings became ruins themselves, they’re a reminder of the old past dreams, a utopian dream of a new world. A reminder that they’re dream died and became the thing that they sought to destory is interesting.

Demolishing is popular:

The long river by Nadav Kander is like a ‘reverse ruin’, it’s half constructed ruins that, so it’s the a ruin in the sense that it’s falling apart but it’s also something thats just been constructed. Interesting, maybe the reverse ruin will trend on instagram?

The treachery of images: the historical context of surrealism and its lasting legacy - Lecture 3:

Surrealism is a very bizzare thing, especially when you start getting into details about the complexities and, many fetishes of its famous representatives.  Surreal means bizzare or dream like, the sur pretext meaning ‘over, above or in addition’.

The talk about automatism was very interesting, that people’s involuntary actions or thoughts can say a lot about ourselves. What made it more interesting were the flaws that can be disputed about the theory, in regards to Freuds ‘free association’. Where patients are told to say words that come from the top of there heads - then you look at the words that have an association with eachother. The flaws would be, if a patient tried too hard to be random - then what they’re saying isn’t involuntary at all, but rather voluntary. But, the artwork is interesting, as Andre Masson let his hand go wild he created many bizzare pieces of artwork. But how can you mindlessly draw, drawing comes with a thought or and idea in mind... so how does automatic drawing work?

Surrealism wanted to push boundaries and explore things that society brands as a taboo - so they decided to dismember and eroticism the body. This part of surrealism was inspired by Freud’s views on psychological sex... oedipus complex. But these things do say a lot about people, such as Dali’s piece on ‘the great masturbator’ - representing his sexual fears, attractions and anxieties. eg: fetishing feces.

The uncanny was intriging, as i never thought about surrealism being familiar yet disgusting at the same time - kind of sums up how you can feel about the artwork. As they distort things we are familiar with, and then disturb us with the unusualness of a familiar thing being reinvented.

Overall: this was a very interesting lecture, i’m looking forward to the next set of psychological themed lectures. As they make us thing more deeply and carefully, about our comfort zones in art and what they say about us as people.

Rave culture - lecture 2

Rave culture was more than about partying, getting layed and getting high -it was a movement formed by a community of people who seeked a change. An ulternative to the political choices that were around at the time, music and moshs brought people of all ethnic backgrounds together.

The political stand off was against neo liberalism, personally i’ve never really understood poltics - i would have appreciated more of a break down in regards to its policies and the impact it could bring.

Rave culture had many sub genres, from fashion to politics - there was so much to cover with little time. But i am glad it was covered, i never knew it had such an impact on peoples lives.

overall: it was a bit too complicated, Rave culture seems too large of a topic to summaries into 1 lecture.

The image reproduced - lecture 1

“To collect photographs is to collect the world”, this lecture was interesting as it forces us to think deeply about a habit, we all subconsciously do as a society.  

I never truly thought about the impact photos had on people, and how we are precieved by others - photos are just images but they hold a lot of significance. eg: photos are evidence of our achievements, journeys and of things we simply like. Its crazy to see how they hold so much power over us.

The analysis of the selfie was intriguing, the whole idea of it feeding psychological/emotional needs was thoughtproking. That and it does lead many including myself to, ponder on ones own selfies and begin an existential crisis.

Overall: the lecture was interesting and relatable to us as students, sure it was trippy to think about the psychological needs the selfie comforts, and the way women beings shaped to be observed. But overall, it was interesting and gets the mind thinking, what else is there to something that seems so common. aka - i enjoyed the lecture.

Week 08: Lecture Reflection

In the morning lecture, we started off by covering errors, and the question was, when something goes wrong, what is the root cause? We covered root cause analysis, where we try to work out what was the original reason something went wrong, because if we can work that out, we can prevent future errors from occurring. We went through a cyber disaster example:

We could blame user error (shift the blame)

We could blame the culture 

After that we went through how humans focus on what grabs our attention instead of what’s important. We talked about magicians and how the whole trick relies on the magician controlling the audiences attention, drawing them away from where the real trick is happening. 

We covered frequency gambling, where we match the current situation with previous situations, and we pick the most common solution we’ve used in the past. We covered a few smaller topics like confirmation bias and satisficing (good enough, not perfect). Admittedly at this point in time my attention was drawn elsewhere and I stopped taking notes on the morning lecture. Hopefully I’ll be able to read through the compiled week 08 notes for what I missed out on.

In the evening lecture, Richard Buckland read us a story! About the 3 mile island nuclear reactor incident. “If you design a system without security in mind, expect normal security breaches” - Richard. He said we have to stop focusing on scapegoats and systems that can’t fail, and design systems so that the impact is limited when things go wrong. 

We covered the steps in asset management 

Work out your most important assets, and just defend them

Assume you will be breached and set it up so that it won’t be a total disaster (compartmentalize?)

Week 07: Lecture Reflection

We started off the morning lecture by going over some of the mid sem questions. I’m pretty sure I chose integrity for the question where they ask if you were the commander of an army and only the president knows the 10 digit nuclear launch code, what would you be worried about? I get that it’s Type 1 / Type 2 error in retrospect, at the time I was just thinking like what if the message was tampered with or something. The other question we covered, Q10 had no right solution! Full marks for everyone! 

We covered Proof of liveness quickly - proof that there is somebody behind the message. Followed by going over Diffie Hellman again. I remember we went through this in an earlier lecture. Diffie Hellman is to set up a shared key. 

So Allison and Bob both agree on a base and a modulus and they both pick their own secret. They each calculate base^(their own secret) mod modulus and they send that to each other. Then they get the other persons message and do secret = (other persons message)^(their own secret) mod modulus. In the end they both get the same shared secret. The diffie hellman exchange relies on the discrete log problem, where it is really hard to reverse the calculation base^(their own secret) ,mod modulus. 

https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

We covered some definitions 

(From the lecture slides)

Vulnerability - a potential weakness in something

Exploit - attack a vulnerability

Software bug - vulnerability in software

Stack and the Heap

Stack - First In First Out 

When functions are called, their temporary information is stored on the stack 

Heap - when space is known at compile time - store on heap

Malloc -> put data on heap 

We covered types of software bugs 

Memory corruption - attacker changes the memory, attack can control what the program does

Format String Attack 

C uses printf, 1st argument is format string telling it what to do with the remaining arguments, but if it’s not a control variable, it just prints it out 

printf(”Richard %s”) works fine, since there is no next argument in the function call, printf will just look lower into the stack and print it out 

Doing printf(”%x%x%x%x”); will just dump out the stack (cool!) 

Printf(%n) can write to the stack -> wow

Integer Overflow

Integers have fixed amount of space

If you know there’s a counter in memory, type in a big enough password so the counter wraps around

Let’s it pass some test or trick it in some way 

We also covered shell code

Old hackers would try to make a remote shell pop up w/ privileges 

We covered the national vulnerabiltity database, if you found a new vulnerability, it was numbered and added to the list. Plus we went through some cool bug exercises, we were shown c code and we had to find the flaw. After that we started covering assets, security is there to protect your assets, but sometimes we protect the wrong assets. We need to first brainstorm, what is it we are trying to protect? Ask a lot of people, from different backgrounds on what they think need protecting, and do this every month or so. 

In the evening lecture, the bug bounty group presented. Then we started talking about authentication on the internet, how do we know we are trying to access the correct website? We looked at PKI

PKI

Public Key Infrastructure

A “passport” that links your public key with a domain name

Certified by “trusted” companies

Web browser will authenticate the certificate to make sure you’re accessing the right website 

Week 05: Lecture Reflection

“Don’t roll your own” - leave it to the experts. Meaning don’t try to make your own cryptographic function, hehe watch me 

We spent some time covering Wired Equivalent Privacy (WEP), a security protocol designed to make wifi as secure as wired lan. Unfortunately it was a heavily flawed protocol, with so so many exploits and vulnerabilities. Unsurprisngly, people continued to use it anyways despite knowing it was compromised, kind of like MD5. We covered exclusive ORS (XOR) and how it’s used in WEP to encrypt the packets. The biggest flaw in WEP I think was that an attacker could retransmit a packet back to the access point. And the access point would do all the work, stripping the outer layers and it would then transmit it straight to whatever address the attacker placed in the packet. 

We covered how old phones used tones to access phone calls/international calls. Captain crunch cereal once had a promo where they gave away free whistles, which made the same tone as 2600 hz, same tone used by AT&T for calls. Moral of the story was don’t mix access and control/data. Also covered a bit more about hashing, how a broken hash was when an undesirable property from the protcol was exploited, and allowed a faster break than brute force. Little breaks would lead to bigger breaks, like the rumblings of a volcano. 

We had a guest speaker - Dr Lisa Parker who talked mostly about bias, and how drug companies would host free lunches for doctors, and it would influence the doctors decision on which drug to prescribe. 

“A $20 lunch impacts doctors choice of drug recommendation”. 

Also companies sometimes fund research, but they give an outline of an agenda. And that if something which is bad for the company is discovered, the company can just throw away the research instead of publishing it. 

Insider attacks -> drug companies will target certain people to bias/ corrupt/ influence them, Hard to change 

It’s hard to change how people think

Hidden curriculum - higher ups are a role model of how to act, if the higher ups do the right thing, more will follow?

OPSEC & Passwords Presentation - Just listened didn’t take down any notes 

For the passwords presentation, I found the live demo’s really interesting

Especially when they analysed the text file full of hashed passwords, not surprisingly, “password” was the most common password, followed by 123456 and linkedin third 

That third password made me think back to my highschool days, I had one of those red lenovo laptops given to every student, guess what my password was for it? “lenovo” :) :) 

We covered merkle damgard constructions, how you break down a message into blocks and feed them into a hash function. So you’d start off with an initialisation vector + the first block, pushs it into a hash function which spits out a hash. And you’d combine that hash with your second message block, back into the function etc. He also covered length extension attacks, where once you know the length of the message you can add your own messages at the end. 

We covered digital signatures, MAC’s and HMAC’s. 

First preimage attack - given a hash find the original message 

Second preimage attack - given a hash and a message, find another message that gives the same hash 

Collision attack - given a hash find two messages that give that hash 

Password stretching

Rainbow tables - precomputed passwords stored for brute forcing

Salting 

Lecture 5 - Composition

This lecture covered composition and it was very interesting to find out the workings behind it! I have never thought much about composition as an integral part of our visual perception. In this lecture, we found out more on the different angles of photography shots and how it influences the way we interpret and perceive.

Different compositions can reveal the relationships of power and meaning. For example, an extreme long shot of Grand Central Station in New York show the general environment while having a close up shot of Superwoman show the details of her face and highlights the expression that she has. In a high framing angle, the subject in the picture looks weak and insignificant while a low frame angle makes the subject look majestic and awe-inspiring. An over the shoulder shot gives you the POV of interaction taking place. These different angles brings out different highlights, which in turn influences the viewer’s perspectives and emotions towards the pictures. By setting pictures in different angles, it can evoke different perceptions and emotions in viewers. 

The concept of Fibonacci numbers and the Golden Ratio was intriguing to me as I never knew that calculation of numbers can be linked to the creation of art. These concepts aim to show what it is the ideal result of visual communication. I am intrigued by how mathematical theories can be linked to the construction of art in bringing out optimum visual communication as it shows that art is not an isolated topic altogether but linked to many social issues and is an integral part in understanding our society. How the Fibonacci numbers and Golden ratio is utilised, shows the importance of visual communication in getting messages across to people in the most eye-catching and quickest way. Society is built on the way visual communication is used to shape perceptions and observations.

Lecture 4 - Abstraction and Semiotics

I found this topic particularly enlightening in understanding the mechanics of design in making our society work. Too often at times, we disregard the signs, icons and symbols on the road, taking them for granted and never go beyond exploring how they came into existence. it gave me an insight on the principles of semiotics and how the depiction of symbols influence the way we interpret things and make decisions. 

Semiotics is the study of signs. It can be understood in the ideas of semantics, stigmatics, pragmatics and syntax.

Semantics - the relationship of the sign to its meaning

Semantics explain how the environment and conditions influence the meaning of the sign. It is eye-opening to realise how many signs we take for granted are actually important in conveying information to us. For example, an anti-smoking sign. Given our culture, knowledge and surroundings, we can gather sufficient information that when we see an anti-smoking sign, we are not supposed to smoke there. 

Stigmatics show the dynamics between a signifier (combination of word, sound, image etc.) and signified (a mental concept) where both the signifier and signified have an agreed meaning. It helps simplify the things that we conceive in our society into simple signs that are socially agreed upon.

Syntactics - the relationship between the sign and its form 

Syntactics shortens the time taken to interpret and improve the efficiency of visual communication as it goes straight to the point on the expression.

Pragmatics - the relationship between the sign and it’s receiver

Pragmatics deal with the varying ways the viewer interprets the sign. Pragmatics allow us to be flexible in deciding the degree of interpretation we want the viewer to have or the level of influence on the viewer.

From these ideas, I begin to see how visual communication appeals to the viewer’s perception of sense and the varying degrees of influence it has on the viewer.

On another note, I used to think that abstraction was a very abstract concept until I understood what it truly meant through this lecture. I saw how the role of semiotics come into play in simplifying in abstraction. It taught me that abstraction is a concept of distillation to simplicity. It reduces multiple visual factors to the most essential features, reduction of visual detail to the minimum. It caused me to think about what details bring the most out of an abstract picture and how there are different perspectives and interpretations in distilling an object while it’s meaning is still able to be easily conveyed and understood.

Lecture 2 Reflection - Journals

First of all, I will just like to apologise for the late uploading of reflections. I’ve forgotten to upload them in the midst of busyness of school. So here goes my reflections on this lecture: 

A journal keeps the identity of the artist in place. It documents and tracks the creative process and growth of the artist and provides a structure for experimentation. This structure is not meant to limit the artist, but rather act as guidelines for the artist to organise and gather their thoughts.

Journals can undertake various forms, in the form of mind-maps, abstract art, newspaper scraps put together etc. They help us to visualise the direction and message of our art, bringing ideas from the head to paper.

In a journey as an artist, the identities of artists constantly evolve. Journals act as a reference point and show the raw intention and design process. It shows that sometimes, artists aren't perfect and mistakes can be made. And in the midst of making these mistakes, there is beauty in them and artists learn and build from them to come up with a more wholesome concept for their art. 

I found it interesting in a way that it renewed my perspective of the design process. It showed me that the design process isn't just conveyed in words but it is conveyed in pictures and ideas inspired by creativity.